Site Not Loading

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter John Ward

    (@spyderman4g63)

    Pretty sure I was compromised. The thing is that I am running 2.9.2 on one of the sites, but I have a few hundred that were on 2.8.4 and some that may have been running 2.7. I think one of the older ones was compromised then any files with 777 permissions were infected.

    Thread Starter John Ward

    (@spyderman4g63)

    The JS being injected starts with this:

    <script>var i;if(i!=’Mp’){i=”};

    and always ends with this comment
    <!–ae3b69c5928c20d34d9fd994b1459c9c–>

    Thread Starter John Ward

    (@spyderman4g63)

    By the way this exploit occurred tonight at 7:13 on wordpress version 2.9.2

    Thread Starter John Ward

    (@spyderman4g63)

    I’m trying reverse engineer the js. So far it is calling some .ru domain.

    Looks like it is trying to inject links to some site:
    cnblogs.com
    detiknews.com
    apple.com
    ratemypart.ru

    To name some.

    Now I am finding several new index.php files that simply have a comment of:
    //silence is golden

    When I download 2.9.2 and open it there are index.php files that have //silence is golden in them. Looks like original files to me.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Site Not Loading’ is closed to new replies.